Session timeout issue on our web site - php

I am working on an e-commerce web site. We are storing most of the cart details in PHP sessions. The problem we are facing is this: a customer comes to our website and selects an item. Once he has selected the item, he leaves the page for some time (longer than the default session time) and pays the amount later. What happens is that the customer pays and the amount gets deducted from his bank account. When he returns back to our site, all the session data is unset, so the database update does not happen. So my questions are:
How can I solve this problem?
What are the best ways, and what common practices are other companies following?
Thanks in advance

Try using cookies instead of sessions. Cookies persist until the user explicitly clears them, or they expire (you set the expiration date). Sessions go away when the user closes the browser, or very quickly with time. In PHP, to read a cookie, use $_COOKIE. To set a cookie, use setcookie() (it supports an expiration date, which can be very high: something like time()+(86400*365), or one year).

If you want to continue using sessions and still avoid this issue, there are two options:
1. Change the timeout value in your web.config.
2. Assign the session variable to itself at a regular interval.
The second method will keep sending requests to the server, which will reset the session expiry time.
You can achieve this by calling a function using setTimeout or setInterval in jQuery.
You can find more details of how to do the same easily here

Related

creating a guest checkout in php and sql

I have an ecommerce shop online using PHP, SQL, JavaScript, AJAX and sessions.
I have both guest and members cart options at checkout.
Everything works fine.
I store my cart items in a session currently.
Users can log in or have a guest cart.
Guest cart user IDs are referenced by the current session ID.
Members can log in and their carts are referenced by their user IDs from the database.
The problem is, the session expires after a certain amount of time and so the cart items are lost and the user has to start again.
On doing some research I have found that after the user logs in, I can store his user ID in a cookie and I can specify how long that cookie lasts, which is ideal!
I am thinking of changing the code so that I store the items added to the cart in my database tables and simply reference them with the user ID I've stored in his cookie.
That way he can shop for ages and not lose his cart, and I can send abandoned cart emails etc.
I think this would work well as nearly every website uses cookies so people have to have them enabled in their browser these days. I could show a warning message if cookies aren't enabled anyway.
What does everyone think about this?
Please note I am not seeking security advice here.
I haven't implemented this yet - I'm really looking to see if I can set my session lifetime to last a few hours/days instead.

I see your problem with guest checkout and normal checkout after login.
You can go and use cookies rather than using sessions for this.
Cookies have the setcookie() function with the time() method.
You can set an expiry time for that.
Go and use it; it can help you.

Is it possible to make a persistent shopping cart in Opencart

I want to make a persistent shopping cart in a store powered by OpenCart. In other words, if a user adds products to the shopping cart while not yet logged in, then the next time the customer visits the site within a week, the products should still be in the cart.
Products should be removed only when the user explicitly removes them from the cart, checks out, or after one week.
I think this can be done by using cookies? Help will be appreciated.

There's a VERY EASY WAY to do this.
This modification works with OC 1.4.X.X and OC 1.5.X.X
Here's how it's done:
In the home directory, find system/library/session.php
You will find a line that reads:
session_set_cookie_params(0, '/');
For a 24-hour cookie, change the line to:
session_set_cookie_params(60*60*24, '/');
You're multiplying the number of seconds in a minute by the number of minutes in an hour by the number of hours in a day, that you want to set the cookie to.
This is not a true persistent cookie, but rather a very long session cookie, and as Jay Gilford has pointed out, there's no [easy] way to create persistent cookies with OpenCart, and if we figure out a way to do this we will let you all know. And because OpenCart treats this cookie as a session cookie, no matter how long the session, it will not automatically update the cookie with a new expiration date so long as the cookie has not yet expired.
A harmless side effect of the extended session cookie is that when you log in to the administrator page without previously having logged out, you'll be greeted with an "invalid token" message. It's because the (extended) session cookie "remembers" your last administrator log in. Just ignore this and log in. There's another drawback though, which is that if there's a product price change, and a user has already added that product to the basket, the user will have the former price stored in the 24-hour cookie.
The reason why OpenCart is built like this appears to be the privacy laws of the European Union, which prohibit persistent cookies unless a registered user has not logged out. Many e-commerce websites using Opencart in the United States and Canada are being needlessly burdened by a hardwired cookie policy that is causing them to lose customers who return to their websites, only to have to do their ordering all over again.

There is no mod that will do this in OpenCart. As mentioned in the comments section, your best option is to use cookies with a token or set the session expiry to last as long as 7 days (though this has its drawbacks).

This is wrong:
session_set_cookie_params(60*60*24, '/');
It should be:
session_set_cookie_params(time() + 60*60*24, '/');
Anyway, this modifies the core file (system/library/session.php), so really not a perfect solution.
Please see the next comment for the solution.
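
The "cookies with a token" option suggested in this thread (it also fits the database-backed cart idea in the guest checkout thread above), as an added example that is not part of the original posts or of OpenCart's code. The `carts` table, the `cart_token` cookie name and all function names are hypothetical, and the demo uses constructed data in an in-memory SQLite database.

```php
<?php
// Added example: the cookie carries a random token, never a user or session ID.
const CART_TTL = 7 * 24 * 60 * 60; // one week, as asked for in the question

function issueCartToken(PDO $db, int $now): string
{
    $token = bin2hex(random_bytes(32)); // unguessable reference to the cart row
    $db->prepare('INSERT INTO carts (token_hash, items_json, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), '[]', $now + CART_TTL]);
    return $token; // only the hash is stored server-side
}

function cartCookieOptions(int $now): array
{
    // setcookie() takes an absolute expiry timestamp;
    // session_set_cookie_params() takes a lifetime in seconds.
    return ['expires' => $now + CART_TTL, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

function saveCart(PDO $db, string $token, array $items, int $now): bool
{
    // Only product IDs and quantities are stored, so no price is frozen in the cart.
    $stmt = $db->prepare('UPDATE carts SET items_json = ? WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([json_encode($items), hash('sha256', $token), $now]);
    return $stmt->rowCount() === 1;
}

function loadCart(PDO $db, string $token, int $now): ?array
{
    $stmt = $db->prepare('SELECT items_json FROM carts WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), $now]);
    $json = $stmt->fetchColumn();
    return $json === false ? null : json_decode($json, true);
}

// Constructed demo (in-memory SQLite, requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE carts (token_hash TEXT PRIMARY KEY, items_json TEXT, expires_at INTEGER)');

$now = time();
$token = issueCartToken($db, $now);
// In a web request: setcookie('cart_token', $token, cartCookieOptions($now));
saveCart($db, $token, [['product_id' => 42, 'qty' => 1]], $now);
var_dump(loadCart($db, $token, $now + 3600));         // one hour later
var_dump(loadCart($db, $token, $now + CART_TTL + 1)); // after the week has passed
var_dump(loadCart($db, 'guessed-token', $now));       // a token that was never issued
```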

Best expiration setting for cookies in this situation?

I'm creating a relationship table of user sessions (each user regardless of login state gets a new user session unless they already have a cookie denoting the session ID of their current session) and webpages on my site. This will eventually be able to predict interests, in theory.
Now, I've decided that I should use a PHP cookie rather than a PHP session. How long should I set the cookie to be around for? (I currently have it at 24 hours)
Are there any negatives to setting cookies to have a long period of time before expiration? What about non-expiring cookies? How does a major website set cookie expiration times for things like "Most recently viewed items"?

I wouldn't expire them at all (or only in a year or so) if you intend to use the cookies to track users for a long time - as the user visits the page and you find out the cookie data is obsolete, you can delete them using setcookie() (set expiration date to somewhere in the past).
Note that many users have cookies disabled, or have them automatically deleted when they close their browser, for exactly this reason. People don't like to get tracked.

What are you doing to protect from session hijacking? How do you handle people who may visit from a shared computer, do they get the same session?
I would suggest setting up a user login and track information by user. Otherwise, the data you get will not be qualified and can only be guessing at best.

PHP CodeIgniter Session Library - What BAD things could happen with LONG "sess_time_to_update"?

I have a CI app that takes orders online. I link each order to a session ID b/c anyone can order w/o logging in.
When the user clicks on check out, the session ID is sent to PayPal... in which case, the session ID is sent back to me along with payment info.
Sometimes PayPal IPN (instant payment notification) gets delayed.. up to 24 hours. (Yes, not very "instant"). In which case, the session variables are already gone (i.e. what & how many they ordered) since the session library clears it up.
In this case, I am sunk. So I thought about extending the sess_time_to_update to like 3 days...
Is there a downside to doing this? If so, what?
Is there a workaround that I can implement instead?

Store the session information in a database before sending them off to PayPal then when the IPN hits, have it look into the database to retrieve values. You should never use a session for something that critical and something THAT long.
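
The approach from this answer, as an added example that is not part of the original post: the order is written to the database before the redirect, and the delayed notification is resolved against that row instead of the session. The `orders` table and the function names are hypothetical, the data is constructed, and the code assumes the notification has already been authenticated with the payment provider.

```php
<?php
// Added example: the order outlives the session because it lives in the database.

function createPendingOrder(PDO $db, array $cart, int $totalCents): string
{
    $token = bin2hex(random_bytes(16)); // opaque reference sent instead of the session ID
    $stmt = $db->prepare(
        'INSERT INTO orders (token, cart_json, total_cents, status, created_at)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$token, json_encode($cart), $totalCents, 'pending', time()]);
    return $token;
}

function handlePaymentNotification(PDO $db, string $token, int $paidCents): string
{
    $stmt = $db->prepare('SELECT total_cents, status FROM orders WHERE token = ?');
    $stmt->execute([$token]);
    $order = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($order === false) {
        return 'unknown-order';
    }
    if ($order['status'] === 'paid') {
        return 'already-paid'; // notifications can be retried, so stay idempotent
    }
    if ((int) $order['total_cents'] !== $paidCents) {
        return 'amount-mismatch'; // compare with the stored total, not the callback alone
    }
    $upd = $db->prepare("UPDATE orders SET status = 'paid' WHERE token = ? AND status = 'pending'");
    $upd->execute([$token]);
    return $upd->rowCount() === 1 ? 'paid' : 'already-paid';
}

// Constructed demo (in-memory SQLite, requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (token TEXT PRIMARY KEY, cart_json TEXT,
           total_cents INTEGER, status TEXT, created_at INTEGER)');

$token = createPendingOrder($db, [['sku' => 'SAMPLE-1', 'qty' => 2]], 4998);
// The session may expire here; the notification can arrive many hours later.
echo handlePaymentNotification($db, $token, 4998), "\n"; // first delivery
echo handlePaymentNotification($db, $token, 4998), "\n"; // retried delivery
echo handlePaymentNotification($db, createPendingOrder($db, [], 500), 100), "\n"; // wrong amount
```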

How to expire sessions after a certain amount of time in PHP?

I need all active sessions to be destroyed when I call a certain function. This function when called needs to destroy all sessions NOT immediately but after exactly 30 seconds. Even if the user leaves the page where the session was called before the 30 seconds, his browser should still be cleared of all sessions so when he comes back to the site none of those sessions will be active.
Is this possible? If so how would one go about writing such a function?
EDIT
As for why I need this, I have a shopping cart script that when submitted takes the user to PayPal to process payment. If I destroy all sessions when the submit button on that payment form is clicked, I can't pass all the form data on to PayPal. If I don't destroy all sessions, when the user comes back to the site the shopping cart is still filled with the contents he purchased before.
I need the cart to be empty when the user comes back. I figured 30 seconds will give the user ample time to go to the paypal page by which point my cart script has already sent all necessary info to paypal. And then destroying all sessions is safe without fearing disruption to service.
So what I need is sort of a timer script that will work on the server side and will destroy the sessions even when the user is no longer on that page.

See http://bytes.com/topic/php/answers/4134-when-how-php-session-expire-can-i-set-minutes-inactivity
Ok, so never mind my harebrained sleep() approach.
Set a flag in the session, before you send them over to PayPal. Check this flag and clear the session/cart if it's set.
